Monday, 19 October 2015

Cloud-Trust - A Security Assessment Model For Infrastructure As A Service (IaaS) Clouds

ABSTRACT

The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats
(APTs) is a significant concern to government and industry. We present a cloud
architecture reference model that incorporates a wide range of security
controls and best practices, and a cloud security assessment model,
Cloud-Trust, that estimates high-level security metrics to quantify the degree
of confidentiality and integrity offered by a CCS or cloud service provider
(CSP). Cloud-Trust is used to assess the security level of four multi-tenant
IaaS cloud architectures equipped with alternative cloud security controls and
to show that the probability of CCS penetration (high value data compromise) is
high if a minimal set of security controls is implemented. CCS penetration
probability drops substantially if a cloud defense-in-depth security
architecture is adopted that protects virtual machine (VM) images at rest,
strengthens CSP and cloud tenant system administrator access controls, and
employs other network security controls to minimize cloud network
surveillance and discovery of live VMs.

AIM

The aim of this paper is to estimate
high-level security metrics that quantify the degree of confidentiality and
integrity offered by a CCS or cloud service provider (CSP).

SCOPE

The scope of this paper is the use of Cloud-Trust
to assess the security level of four multi-tenant IaaS cloud
architectures equipped with alternative cloud security controls, and to show that the
probability of CCS penetration (high value data compromise) is high if a
minimal set of security controls is implemented.

EXISTING SYSTEM

Virtualization, the basis for most CCSs, enables CSPs to start, stop, move, and restart computing
workloads on demand. VMs run on computing hardware that may be shared by cloud
tenants. This enables flexibility and elasticity, but introduces security
concerns. The security status of a CCS depends on many factors, including
security applications running on the system, the hypervisor (HV) and associated
protection measures, the design patterns used to isolate the control plane from
cloud tenants, the level of protection provided by the CSP to cloud tenant user
data and VM images, as well as other factors.

DISADVANTAGES:

It estimates high-level security metrics to quantify the degree of confidentiality
and integrity offered by a CCS.

Users can be tricked into trusting cloud services that are not trustworthy by the
creation of several accounts that give misleading trust feedback.

PROPOSED SYSTEM

These quantify two key security metrics: IaaS CCS confidentiality and integrity.
Cloud-Trust also produces quantitative assessments of the value and
contribution of specific CCS security controls (including several optional security
controls now offered by leading commercial CSPs), and can be used to conduct
sensitivity analyses of the incremental value of adding specific security
controls to an IaaS CCS when there is uncertainty regarding the value of a
specific security control (which may be optional and increase the cost of CSP
services).

ADVANTAGES:

IaaS CCS confidentiality and integrity.

It can be used to conduct sensitivity analyses
of the incremental value of adding specific security controls to an IaaS